Adoptable Cookbooks List

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Test Cookbooks as Examples

The cookbooks ran under test-kitchen make excellent usage examples.

The test recipes are found at:
ruby
test/cookbooks/docker_test/

Cgroups, Execution and Storage drivers

Beginning in chef-docker 1.0, support for LXC execution driver has
been removed in favor of native. Cgroups and storage drivers are now
loosely coupled dependencies and should be configured using other
cookbooks if needed.

Storage drivers can be selected with the storage_driver property on
the docker_service resource like this:

docker_service 'default' do
storage_driver 'zfs'
end

Configuration of the backing storage driver, including kernel module
loading, is out of scope for this cookbook.

Example

Properties

repo - One of 'main', 'test', or 'experimental'. Used to calculate
script_url in its absense. Defaults to 'main'

script_url - 'URL of script to pipe into /bin/sh as root.

docker_installation_package

The docker_installation_package resource uses the system package
manager to install Docker. It relies on the pre-configuration of the
system's package repositories. The excellent yum-docker and
apt-docker Supermarket cookbooks are used to do this in test-kitchen.

This is the recommended production installation method.

Example

docker_installation_package 'default' do
version '1.8.3'
action :create
end

Properties

version - Used to calculate package_version string

package_version - Manually specify the package version string

package_name - Name of package to install. Defaults to 'docker-engine'

docker_service_manager

The docker_service_manager resource auto-selects one of the below
resources with the provider resolution system. The
docker_service family all share a common set of properties, which
are listed under the docker_service composite resource.

Properties

source - URL to the pre-compiled Docker binary used for
installation. Defaults to a calculated URL based on kernel version,
Docker version, and platform arch. By default, this will try to get
to "http://get.docker.io/builds/".

version - Docker version to install

checksum - sha256 checksum of Docker binary

instance - Identity for docker_service resource. Defaults to
name. Mostly unimportant for the 1.0 version because of its
singleton status. | String | nil

api_cors_header - Set CORS headers in the remote API

bridge - Attach containers to a network bridge

bip - Specify network bridge IP

debug - Enable debug mode

cluster_store - Cluster store to use

cluster_advertise - Ip and port that this daemon should advertise to the cluster

Properties

A docker_image's full identifier is a string in the form
"<repo>:<tag>". There is some nuance around naming using the public
registry vs a private one.

repo - aka image_name - The first half of a Docker image's
identity. This is a string in the form:
registry:port/owner/image_name. If the registry:port portion is
left off, Docker will implicitly use the Docker public registry.
"Official Images" omit the owner part. This means a repo id can look
as short as busybox, alpine, or centos, to refer to official
images on the public registry, and as long as
my.computers.biz:5043:/what/ever to refer to custom images on an
private registry. Often you'll see something like someara/chef to
refer to private images on the public registry. - Defaults to
resource name.

tag - The second half of a Docker image's identity. - Defaults to latest

source - Path to input for the :import, :build and :build_if_missing
actions. For building, this can be a Dockerfile, a tarball
containing a Dockerfile in its root, or a directory containing a
Dockerfile. For import, this should be a tarball containing Docker
formatted image, as generated with :save.

volumes - An array of volume bindings for this container. Each volume binding
is a string in one of these forms:
container_path to create a new volume for the container.
host_path:container_path to bind-mount a host path into the container.
host_path:container_path:ro to make the bind-mount read-only inside the container.

cap_add - An array Linux Capabilities (man 7 capabilities) to
add to grant the container beyond what it normally gets.

memory_swap - Total memory limit (memory + swap); set -1 to
disable swap. You must use this with memory and make the swap value
larger than memory.

network_disabled - Boolean to disable networking. Defaults to false.

network_mode - Sets the networking mode for the container. One of bridge,
host, container.

open_stdin - Boolean value, opens stdin. Defaults to false.

outfile - The path to write the file when using :export action.

port - The port configuration to use in the container. Matches the
syntax used by the docker CLI tool.

privileged - Boolean to start the container in privileged more.
Defaults to false

publish_all_ports - Allocates a random host port for all of a
container’s exposed ports.

remove_volumes - A boolean to clean up "dangling" volumes when
removing the last container with a reference to it. Default to
false to match the Docker CLI behavior.

restart_policy - One of no, on-failure, unless-stopped, or always. Use
always if you want a service container to survive a Dockerhost
reboot. Defaults to no.

restart_maximum_retry_count - Maximum number of restarts to try
when restart_policy is on-failure. Defaults to an ever
increasing delay (double the previous delay, starting at 100mS), to
prevent flooding the server.

security_opts - A list of string values to customize labels for
MLS systems, such as SELinux.

signal - The signal to send when using the :kill action.
Defaults to SIGKILL.

tty - Boolean value to allocate a pseudo-TTY. Defaults to false.

user - A string value specifying the user inside the container.

volumes - An Array of paths inside the container to expose. Does
the same thing as the VOLUME directive in a Dockerfile, but works
on container creation.

volumes_from - A list of volumes to inherit from another
container. Specified in the form <container name>[:<ro|rw>]

working_dir - A string specifying the working directory for
commands to run in.

read_timeout - May need to increase for commits or exports that are slow

write_timeout - May need to increase for commits or exports that are slow

kill_after - Number of seconds to wait before killing the container. Defaults
to wait indefinitely; eventually will hit read_timeout limit.

timeout - Seconds to wait for an attached container to return

tls - Use TLS; implied by --tlsverify. Defaults to ENV['DOCKER_TLS'] if set

tls_verify - Use TLS and verify the remote. Defaults to ENV['DOCKER_TLS_VERIFY'] if set

tls_ca_cert - Trust certs signed only by this CA. Defaults to ENV['DOCKER_CERT_PATH'] if set

tls_client_cert - Path to TLS certificate file for docker cli. Defaults to ENV['DOCKER_CERT_PATH'] if set

tls_client_key - Path to TLS key file for docker cli. Defaults to ENV['DOCKER_CERT_PATH'] if set

Actions

:create - Creates the container but does not start it. Useful for
Volume containers.

:start - Starts the container. Useful for containers that run
jobs.. command that exit.

:run - The default action. Both :create and :start the container in one action.
Redeploys the container on resource change.

:run_if_missing - Runs a container only once.

:stop - Stops the container.

:restart - Stops the starts the container.

:kill - Send a signal to the container process. Defaults to SIGKILL.

:pause - Pauses the container.

:unpause - Unpauses the container.

:delete - Deletes the container.

:redeploy - Deletes and runs the container.

docker_registry

The docker_registry resource is responsible for managing the
connection auth information to a Docker registry.

docker_network

The docker_network resource is responsible for managing Docker named
networks. Usage of overlay driver requires the docker_service to be
configured to use a distributed key/value store like etcd, consul,
or zookeeper.

Maintainers

License

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

IMPORTANT
* attributes/ will be removed in the next release.
* most are currently non-functional
* All options will be driven through resource properties

v0.37.0

Please note some important changes with this release:

The sysconfig DOCKER_OPTS improvement in #250 can potentially change the behavior of that environment variable as it now allows shell interpolation of any embedded variables. This should not affect most environments. If your DOCKER_OPTS does contains any expected $, please escape via \$ for previous behavior or be sure it will behave as expected before upgrading.

The daemon restart option (which is deprecated) has been defaulted to nil instead of false when node['docker']['container_init_type'] is set to prevent issues with container restart policies. If you're dependent on the daemon option, please be sure to update your node['docker']['restart'] appropriately.

0.35.1

0.35.0

After a long personal hiatus (sorry!), this is the last minor release before 1.0 of the cookbook. If you can handle the Docker port number change and don't use anything deprecated, upgrading to 1.0.X from 0.35.X of the cookbook should be very easy.

This release has a bunch of changes and hasn't been fully tested yet. Wanted to get it out there for broad testing. Please use caution!

Major kudos to @tduffield for the #147 PR, which includes:
* Binary Installation
* Added missing dependency resolution for using the binary.
* Dependency Checks
* Added docker::dep_check that will take an action if certain dependencies are not met.
* node[docker][alert_on_error_action] = :fatal will kill the chef run and print the error message.
* node[docker][alert_on_error_action] = :warn will print the error message but continue with the chef run. There is no guarantee that it will succeed though.
* KitchenCI
* Copied MiniTests to ServerSpec Tests
* Added new platforms (Debian 7.4)
* Changed provisioner from chef-solo to chef-zero
* Removed Ubuntu 12.10 because it is not supported by Docker and the Kernel is bad and fails all the tests.
* Removed tests for the source recipe. The dotcloud/docker repo actually doesn’t build any Go deliverables.
* I think that the source recipe needs to be completely refactored.

0.31.0

Please note change of storage_type attribute from devmapper to devicemapper (and associated recipe name change) to match docker's name for the driver.

Cookbook now automatically adds -s option to init configurations if storage_type is defined, which is it by default. If you were specifying -s in the options attribute, you no longer need to do so. In my quick testing, docker daemon doesn't seem to mind if -s is specified twice on startup, although you'll probably want to get rid of the extra specification.

I've also dropped the LANG= and LC_ALL= locale environment settings from the Upstart job configuration. Its not specified in the default docker job. Please open an issue in docker project and here if for some reason this is actually necessary.

0.14.0

Bugfix: #27 Only use command to determine running container if provided

Bugfix: #28 Upstart requires full stop and start of service instead of restart if job configuration changes while already running. Note even initctl reload-configuration isn't working as expected from http://upstart.ubuntu.com/faq.html#reload